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CLAIMS 

1 . A method for applying an electronic signature from a client station, 
comprising the steps of: 

IN authenticating the client station at a server, thereby establishing an 
authenticated communication channel between the client station and 
said server; 

IB/ generating a private key/public key pair at the client station; 

ICI sending from the client station to the server, via the authenticated 

channel, a request for a signature certificate, generated by means of at 

least the public key; 

ID! sending from the server to the client station, via the authenticated 
channel, a signature certificate provided in response to said request; 

IEI calculating a cryptographic signature at the client station by means of 
the private key, then destroying the private key at the client station; and 

IF/ formatting the calculated signature with the aid of the signature 
certificate received by the client station via the authenticated channel. 

2. Method according to Claim 1, wherein steps ICI and IE/ are 
executed in parallel at the client station. 

3. Method according to Claim 1 , wherein steps /B/, /C/, IE/ and IF/ are 
at least partially executed at the client station under the control of a program 
downloaded from the server in response to step IN. 

4. Method according to Claim 1 , wherein step IN comprises mutually 
authenticating the server and the client station. 
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5. Method according to Claim 1, comprising the further step of 
verifying, at the client station, the signature certificate received via the 
authenticated channel. 

6. Method according to Claim 1, wherein the signature certificate 
5 obtained by the server has a validity period of at most one day. 

7. Method according to Claim 1, comprising the preliminary step of 
registering the client station with respect to a certification authority with which 
the server cooperates, or with respect to a registration authority associated with 
said certification authority. 

108. A computer program product, comprising instructions to be executed 

in a client station having authentication resources with respect to an electronic 
signature assistance server, said instructions including: 

- instructions for generating a private key/public key pair after the 
establishment of an authenticated channel between the client station and 

15 said server; 

- instructions for transmitting to the server, via the authenticated channel, a 
request for a signature certificate generated by means of at least the 
public key; 

- instructions for receiving from the server, via the authenticated channel, a 
20 signature certificate obtained in response to said request; 

- instructions for calculating a cryptographic signature by means of the 
private key, and then for destroying the private key; and 

- instructions for formatting the calculated signature with the aid of the 
signature certificate received via the authenticated channel. 

25 9. Computer program product according to Claim 8, wherein the 

instructions for transmitting the signature certificate request and the instructions 
for calculating the electronic signature and then for destroying the private key 
are executable in parallel. 



- 19- 



10. Computer program product according to Claim 8, wherein at least 

some of said instructions form part of a program written in a mobile code 
language and downloadable from said server (2) after establishment of the 
authenticated channel. 

5 11. Computer program product according to Claim 8, wherein said 

instructions further include instructions for verifying the signature certificate 
received via the authenticated channel. 

12. Electronic signature assistance server, comprising means of 

authenticating a client station to establish an authenticated communication 

10 channel with said client station, means for obtaining a signature certificate in 
response to a request received from the client station via the authenticated 
channel and for transmitting said certificate to the client station via the 
authenticated channel, and means for downloading to the client station a 
program written in a mobile code language, including instructions for 

15 controlling, at least partially, the execution of the following operations by the 
client station: 

- generation of a private key/public key pair at the client station after the 
establishment of the authenticated channel; 

- transmission to the server, via the authenticated channel, of a request for 
20 a signature certificate generated by means of at least the public key; 

- reception, via the authenticated channel, of the signature certificate 
transmitted by the server in response to said request; 

- calculation of a cryptographic signature at the client station by means of 
the private key, followed by destruction of the private key; and 

25 - formatting of the calculated signature with the aid of the signature 

certificate received via the authenticated channel. 



13. Assistance server according to Claim 12, wherein the signature 

certificate has a validity period of at most one day. 
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14. Assistance server according to Claim 12, wherein said operations 
further comprise a verification of the signature certificate received via the 
authenticated channel. 



